If you believe you have found a security issue in Agent Contracts, please do not open a public issue with exploit details.
Instead, contact the maintainers privately with:
- a description of the issue
- affected files, commands, or workflows
- reproduction steps if available
- impact assessment

We will aim to acknowledge reports promptly and coordinate a fix before public disclosure when appropriate.

This repository is currently a CLI and library for contract parsing and validation. Security reports are especially helpful for:
- unsafe file handling
- command execution risks
- dependency or supply-chain issues
- parsing vulnerabilities
- output that could mislead users in high-risk governance workflows